none
401 Unauthorized Error: High Trust Provider Hosted App on SharePoint Foundation 2013 On Premise RRS feed

  • Question

  • Hi All,
    We have set up SharePoint Foundation 2013  on-premise VM server for development purpose. Created and deployed high-trust Provider Hosted SharePoint add-in using instructions provided in MSDN blog.

    Initially the sample provider hosted app is working fine without any issues. But now it is not working, giving 401 Unauthorized exception while creating Context at below highlighted lines in PageLoad of Default.aspx.

               var spContext = SharePointContextProvider.Current.GetSharePointContext(Context); 
     
                using (var clientContext = spContext.CreateUserClientContextForSPHost())
                {
                    clientContext.Load(clientContext.Web, web => web.Title);
                    clientContext.ExecuteQuery();
                    Response.Write(clientContext.Web.Title);
                }
    We have tried lot of things but still the issue is same. We have reconfigured everything from scratch, but the issue is not resolved. Please assist us to troubleshoot it.
    Thursday, February 9, 2017 7:12 AM

All replies

  • Hi lakhan,

    You can refer below links for similar issue.

    https://msdn.microsoft.com/en-us/library/office/dn762440.aspx?f=255&MSPPError=-2147217396

    http://jamestsai.net/Blog/post/SharePoint-Provider-Hosted-App-401-Unauthorized-error-on-clientContextExecuteQuery().aspx

    https://www.helloitsliam.com/2015/03/06/sharepoint-2013-high-trust-provider-hosted-app-401-unauthorized-error/

    Thursday, February 9, 2017 7:21 AM
  • Seems like a problem with either the permission that the app needs on the site, or a incorrectly set up SPTrustedSecurityTokenIssuer.

    1. You can try to trust the app again on the site.

    2. Check the SPTrustedSecurityTokenIssuers

    In PowerShell, execute: Get-SPAuthenticationrealm

    Write down the value you are getting back. Now execute: Get-SPTrustedSecurityTokenIssuer | fl name, reg*.

    The registeredissuername should look similar to: <guid>@<guid>.

    Make sure the guid after the @ sign is the same as the value coming from Get-SPAuthenticationRealm.


    Nico Martens
    SharePoint/Office365/Azure Consultant

    Thursday, February 9, 2017 7:42 AM